I’ve been playing with Logstash recently, just this week I was asked to import a Fortigate firewall log. I did this by putting up a logstash syslog interface on a specific port, tagging the inbound traffic as type=fortigate and then using a simple RE and the kv{} filter to parse the log.

This morning a discussion with a friend about various shells lead me to think it would be nice if my bash shell could tab complete hostnames from .ssh/known_hosts when I type ‘ssh <tab>’. I soon found this blog post which nicely documents how to do it. I made a directory in $HOME called .bash.completion and then added this to my .profile, which loops round any files in there, sourcing them individually:

if [ -d ${HOME}/.bash.completion ]; then
for file in ${HOME}/.bash.completion/* ; do
source $file
done
fi

All sorted. However, it wasn’t long before I discovered that ‘ssh user@<tab>’ doesnt work, I tend to use this quite a lot so wanted to see if I could fix up the bash function to support that use case. Bit of hacking around and I’ve got it working, the replacement ssh-completion file is shown below:

A new project I’ve just deployed onto live uses the fast and lightweight beanstalkd work queue. As part of putting it into live I wanted to get at least some basic monitoring on the beanstalkd daemon. All my servers run monit for keeping an eye on processes I care about, so that seemed a good place to start.

I had a bit of a look around the interwebs but couldn’t find any examples, so I set about putting something together myself. As it turns out beanstalkd has a nice simple text protocol, detailed in protocol.txt which is included in the source, and monit has the ability to send and expect arbitrary strings to a given port. For starters I’ve set it up to issue a stats command and check for the expected response which is:

This is a pretty simple check but at least will enable monit to alert if beanstalkd isn’t listening or is returning garbage.

I think in the long term I’d like nagios to alert on the current-jobs-delayed and possibly the current-waiting variables reported by the stats-tube command for a given tube, but that is for another day!

Another thought is possibly to have a cacti graph of the total-jobs field, it looks like a always increasing counter, so should be pretty trivial to hook up to cacti.

I seem to have a inherent disklike of Debian and the feeling appears to be mutual. It never makes my life easy. Just this morning I needed to install it on a Dell R210 rather than our usual Centos builds. The server is 15 odd miles away, so I took my standard route of PXE installing. After downloading the netboot.tar.gz and dropping the right files in place on my netboot server, I booted the R210 and began the install. Only a couple of screens in I was presented with this most unhelpful message. So I have to drive 30 miles to plug a usb stick into this machine to continue? That isn’t acceptable imho.

In my case it was the non free firmware for the Broadcom ethernet cards in the machine, I needed this package.

Turns out there is a fix. You just need to download the missing .deb, cpio it and cat it into the end of the initrd:

So on the day of iOS6 Apple also released the 3.4 update to Aperture and osX 10.8.2. It seems if you apply all these updates, Aperture first updates your library, and then quits every time you load it. Brilliant, gee thanks Apple. why bother with actually testing software, you wouldn’t want to dent the 100 billion you have in the bank. Anyway, apparently it is something to do with the Facebook account info held within Aperture, you can zero this out by runnning the following at the command line:

% defaults remove com.apple.Aperture AccountConfigurations

This worked for me but Aperture no longer knew about my Flickr, or Facebook accounts. At least I got my photos back. Between this and iOS6 maps, this isn’t a great week to own Apple products.

I quite often used to find myself wanting to print from my iPad, so when Apple announced AirPrint I thought things were looking good. According to the press release you would need either a HP printer or you could print to a shared printer on an existing mac. Sorted, I’ve got the latter of those, things were looking rosy.

Things took a turn for the worse when I read that they had pulled support for printing via shared printers and were only going to allow AirPrint to certain (at the moment only HP) printers. I wanted the feature, but not enough to replace my trusty Lexmark.

Luckily there are people like this guy on the internet who took the time to figure out how it works and have since published a nice simple guide about how to setup a Linux box as a AirPrint server. Mainly thanks to Cups and some Avahi magic.

Sorted! And I’ve used it sufficiently to think spending an hour or so setting it up was worth while.